Selo2 20.05.2013 16:25

tmpu$$.tmp - Trojan or what could this be?

Dear experts,

on my ACER Travel Mate 64-bit (W7), a message appears after booting that refers to the file

"tmpu$$.tmp"

It says that no program exists to open it.

After researching on the Internet I really only came across your site, and I am hoping for pointers to

1. find out what this is and
2. how to remove it.

I have not been idle and have worked through the "beginner's instructions" (Defogger, OTL, Gmer). I have uploaded the generated files to the thread.

Is there anyone here who can take this on or has an idea what it could be? Many thanks for any suggestion.

Best regards
Selo2

cosinus 21.05.2013 14:06

Hello

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs that already exist!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Selo2 22.05.2013 08:34

Hi cosinus,

first of all, many thanks for your post.

I had a look in my virus scanner and found the following two messages:

In der Datei 'C:\Users\Müller\AppData\Local\Temp\mpb06232.php'
wurde ein Virus oder unerwünschtes Programm 'HTML/Framer.DO.229' [virus] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Users\Müller\AppData\Local\Temp\plugtmp-14\plugin-ca.php'
wurde ein Virus oder unerwünschtes Programm 'HTML/Framer.DO.229' [virus] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

Does that possibly help?

PS: regarding your zip note: I will gladly do that next time. Thanks for the info.

Many thanks for the help.

cosinus 22.05.2013 09:38

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed it!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Selo2 22.05.2013 09:44

OK Cosinus,

I am getting to work now and will stick to the sequence. I am currently on vacation and have the time for it. See you shortly.

cosinus 22.05.2013 09:53

Ok, but one request: drop interjections like that; only post when there are problems or when you have the logs (and then post those in CODE tags)

Selo2 22.05.2013 10:07

Sure.

To the point: I have just received a message from ComboFix that I still have a second version of Spybot - Search & Destroy active on my computer. I was not aware of that and have now started uninstalling it right away. Apparently, when I uninstalled Spybot a few days ago, I overlooked that I had another version installed. The second one, which is still present, I do not seem to be able to remove via the supplied uninstaller. The process has been hanging for several minutes; the progress bar no longer moves.

In parallel, the ComboFix window has opened:

Die obigen Realt-Time Scanner sind immer noch aktiv aber ComboFix wird trotzdem mit dem Suchlauf fortfahren. Bitte nehm zur Kenntnis, dass dies in eigener Verantwortung geschieht.

Question on this: should I now abort the process via the Task Manager, close the window, or possibly start some other measure?

Thanks.

cosinus 22.05.2013 10:24

Try to close Spybot and then let cf do its work.

Selo2 22.05.2013 11:02

ComboFix is finished. I have posted the result from the .txt file here. Hope it fits like this:

Code:

ComboFix 13-05-22.01 - Müller 22.05.2013  11:34:32.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2807.1200 [GMT 2:00]
ausgeführt von:: c:\users\M³ller\Desktop\ComboFix.exe
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Spybot - Search & Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-22 bis 2013-05-22  ))))))))))))))))))))))))))))))
.
.
2013-05-22 09:47 . 2013-05-22 09:47        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-22 08:57 . 2013-05-22 08:57        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{51B81451-E19F-40D1-B5C5-E8F88136DE0C}\offreg.dll
2013-05-22 08:52 . 2013-05-22 08:52        --------        d-----w-        C:\ProcAlyzer Dumps
2013-05-22 08:21 . 2013-05-22 08:21        --------        d-----w-        c:\users\Müller\AppData\Roaming\Check Point Software Technologies LTD
2013-05-22 07:25 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{51B81451-E19F-40D1-B5C5-E8F88136DE0C}\mpengine.dll
2013-05-17 15:35 . 2013-05-22 07:37        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2013-05-16 19:08 . 2013-05-05 21:36        17818624        ----a-w-        c:\windows\system32\mshtml.dll
2013-05-16 19:08 . 2013-05-05 21:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-05-16 19:08 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-05-16 18:28 . 2013-02-27 05:52        14172672        ----a-w-        c:\windows\system32\shell32.dll
2013-05-16 18:28 . 2013-02-27 05:52        197120        ----a-w-        c:\windows\system32\shdocvw.dll
2013-05-16 18:28 . 2013-02-27 05:48        1930752        ----a-w-        c:\windows\system32\authui.dll
2013-05-16 18:28 . 2013-02-27 06:02        111448        ----a-w-        c:\windows\system32\consent.exe
2013-05-16 18:28 . 2013-02-27 04:49        1796096        ----a-w-        c:\windows\SysWow64\authui.dll
2013-05-16 18:28 . 2013-02-27 05:47        70144        ----a-w-        c:\windows\system32\appinfo.dll
2013-05-16 18:27 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 18:27 . 2013-04-10 06:01        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 18:27 . 2011-02-03 11:25        144384        ----a-w-        c:\windows\system32\cdd.dll
2013-05-16 18:27 . 2013-03-19 05:53        48640        ----a-w-        c:\windows\system32\wwanprotdim.dll
2013-05-16 18:27 . 2013-03-19 05:53        230400        ----a-w-        c:\windows\system32\wwansvc.dll
2013-05-16 18:27 . 2013-04-10 03:30        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-05-15 19:13 . 2013-05-15 19:13        --------        d-----w-        c:\users\Müller\AppData\Roaming\Malwarebytes
2013-05-15 19:12 . 2013-05-15 19:12        --------        d-----w-        c:\programdata\Malwarebytes
2013-05-15 19:12 . 2013-05-15 19:12        --------        d-----w-        c:\users\Müller\AppData\Local\Programs
2013-05-10 07:57 . 2013-05-10 07:57        187456        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-04-24 16:01 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 19:15 . 2011-07-08 19:23        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-15 18:21 . 2012-03-31 04:02        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 18:21 . 2011-07-07 16:58        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 16:21 . 2012-07-17 13:37        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2011-07-05 19:34        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 18:27        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 18:27        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 18:27        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 18:27        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 18:27        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 18:27        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-03-19 06:04 . 2013-04-10 18:27        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 18:27        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 18:27        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 18:27        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 18:27        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 18:27        112640        ----a-w-        c:\windows\system32\smss.exe
2013-02-27 16:07 . 2013-02-27 16:07        0        ----a-w-        c:\windows\SysWow64\sho1B7C.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-13 18:42        222712        ----a-w-        c:\users\Müller\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-13 18:42        222712        ----a-w-        c:\users\Müller\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-13 18:42        222712        ----a-w-        c:\users\Müller\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE" [2012-01-04 3208032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-08-04 3225504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-01-21 220744]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TMPU$$.TMP [2013-5-7 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-9-24 704032]
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2011-7-5 117344]
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-7-14 3520000]
WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2011-7-5 82944]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-5-2 1393744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-08-04 1149864]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2011-04-04 658944]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2011-04-04 19840]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2010-04-17 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 BOINC;BOINC;c:\program files\BOINC\boinc.exe [2012-05-15 1194672]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2010-04-17 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-05-10 3585696]
S2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-05-10 3834456]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-08-04 1082800]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-08-04 169624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-14 11576]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ISWKL
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:21]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 20:37]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-15 20:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-13 18:42        261624        ----a-w-        c:\users\Müller\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-13 18:42        261624        ----a-w-        c:\users\Müller\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-13 18:42        261624        ----a-w-        c:\users\Müller\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2012-05-15 5860016]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2012-05-15 70832]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0006W1B000c&sku=&tstsId=&ver=&
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Müller\AppData\Roaming\Mozilla\Firefox\Profiles\bcmcfwmt.default\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0008B1B0008&sku=&tstsId=&ver=&
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&q={searchTerms}&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0006W1B000c&sku=&tstsId=&ver=&
FF - ExtSQL: 2013-05-22 10:26; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&q={searchTerms}&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0006W1B000c&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1622:08
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.hpOld0 - hxxp://www.google.de/
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0008B1B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - d413975300000000000018f46a75d225
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15847
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1110:21
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN24578912189901-1025
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0008B1B0008&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=de&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0008B1B0008&sku=&tstsId=&ver=&
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-ISW - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1642583527-1093831069-1541574401-1000)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-22  11:52:31
ComboFix-quarantined-files.txt  2013-05-22 09:52
.
Vor Suchlauf: 11 Verzeichnis(se), 90.325.938.176 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 90.719.916.032 Bytes frei
.
- - End Of File - - B2C15C691735B8C7C4DD3C58144F1EB4


cosinus 22.05.2013 11:10

Quote:

FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Spybot - Search & Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
Please uninstall both. ZA is superfluous to counterproductive.
If necessary, try removing the other Spybot installation with the Revo Uninstaller

Selo2 22.05.2013 11:36

- Spybot successfully uninstalled with Revo
- ZoneAlarm not yet uninstalled, since I have no alternative at the moment -> maybe a tip?

Note 1:
On startup, Windows alerted me that I should repair the Windows Starter Set that I work with.

Note 2:
Message from ZoneAlarm that OffSpon.EXE wants to access the Internet

Additional info on OffSpon.EXE:

Application: Q:\140066.deu\Office14\OffSpon.EXE
Destination IP: 94.245.117.45 HTTP

cosinus 22.05.2013 11:56

Quote:

- ZoneAlarm not yet uninstalled, since I have no alternative at the moment -> maybe a tip?
Why an alternative? Windows already has a built-in tool: Windows Firewall!
You really don't need more than that for software of this kind!

Selo2 22.05.2013 12:35

Additional info:

ZoneAlarm uninstalled - Windows Firewall was already active

cosinus 22.05.2013 12:46

Please run the three tools MBAR / aswMBR / TDSSKiller now and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Click Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    As an example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Selo2 22.05.2013 13:18

After the run of Malware: no findings.

Here is the log file:

Code:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Müller :: MÜLLER-PC [administrator]

22.05.2013 14:11:28
mbar-log-2013-05-22 (14-11-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30090
Time elapsed: 14 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Now continuing with the other two programs.

Result of aswMBR:

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-22 14:30:45
-----------------------------
14:30:45.428    OS Version: Windows x64 6.1.7601 Service Pack 1
14:30:45.429    Number of processors: 4 586 0x2505
14:30:45.430    ComputerName: MÜLLER-PC  UserName: Müller
14:30:47.030    Initialize success
14:34:57.756    AVAST engine defs: 13052200
14:35:10.751    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:35:10.751    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
14:35:10.892    Disk 0 MBR read successfully
14:35:10.892    Disk 0 MBR scan
14:35:10.923    Disk 0 Windows 7 default MBR code
14:35:10.923    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        14336 MB offset 2048
14:35:10.938    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 29362176
14:35:10.970    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      290807 MB offset 29566976
14:35:11.001    Disk 0 scanning C:\Windows\system32\drivers
14:35:24.776    Service scanning
14:35:54.150    Modules scanning
14:35:54.166    Disk 0 trace - called modules:
14:35:54.213    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:35:54.213    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800656c060]
14:35:54.228    3 CLASSPNP.SYS[fffff88001a9143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800459e050]
14:35:55.539    AVAST engine scan C:\Windows
14:36:00.515    AVAST engine scan C:\Windows\system32
14:40:12.783    AVAST engine scan C:\Windows\system32\drivers
14:40:30.879    AVAST engine scan C:\Users\Müller
15:00:47.437    AVAST engine scan C:\ProgramData
15:03:37.091    Scan finished successfully
15:07:13.449    Disk 0 MBR has been saved successfully to "C:\Users\Müller\Desktop\MBR.dat"
15:07:13.460    The log file has been saved successfully to "C:\Users\Müller\Desktop\aswMBR.txt"

Now continuing with tdsskiller

Here is the result from tdsskiller

Code:

15:10:17.0652 3672  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:10:17.0913 3672  ============================================================
15:10:17.0913 3672  Current date / time: 2013/05/22 15:10:17.0913
15:10:17.0913 3672  SystemInfo:
15:10:17.0913 3672 
15:10:17.0914 3672  OS Version: 6.1.7601 ServicePack: 1.0
15:10:17.0914 3672  Product type: Workstation
15:10:17.0914 3672  ComputerName: MÜLLER-PC
15:10:17.0917 3672  UserName: Müller
15:10:17.0917 3672  Windows directory: C:\Windows
15:10:17.0917 3672  System windows directory: C:\Windows
15:10:17.0917 3672  Running under WOW64
15:10:17.0917 3672  Processor architecture: Intel x64
15:10:17.0917 3672  Number of processors: 4
15:10:17.0917 3672  Page size: 0x1000
15:10:17.0917 3672  Boot type: Normal boot
15:10:17.0917 3672  ============================================================
15:10:18.0501 3672  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:10:18.0505 3672  ============================================================
15:10:18.0505 3672  \Device\Harddisk0\DR0:
15:10:18.0506 3672  MBR partitions:
15:10:18.0506 3672  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
15:10:18.0506 3672  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x237FB800
15:10:18.0506 3672  ============================================================
15:10:18.0538 3672  C: <-> \Device\Harddisk0\DR0\Partition2
15:10:18.0538 3672  ============================================================
15:10:18.0538 3672  Initialize success
15:10:18.0538 3672  ============================================================
15:10:26.0130 3356  ============================================================
15:10:26.0130 3356  Scan started
15:10:26.0130 3356  Mode: Manual; SigCheck; TDLFS;
15:10:26.0130 3356  ============================================================
15:10:26.0650 3356  ================ Scan system memory ========================
15:10:26.0650 3356  System memory - ok
15:10:26.0652 3356  ================ Scan services =============================
15:10:27.0014 3356  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:10:27.0451 3356  1394ohci - ok
15:10:27.0514 3356  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:10:27.0568 3356  ACPI - ok
15:10:27.0649 3356  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
15:10:27.0752 3356  AcpiPmi - ok
15:10:27.0919 3356  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:10:27.0954 3356  AdobeARMservice - ok
15:10:28.0169 3356  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:10:28.0208 3356  AdobeFlashPlayerUpdateSvc - ok
15:10:28.0299 3356  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
15:10:28.0362 3356  adp94xx - ok
15:10:28.0428 3356  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
15:10:28.0479 3356  adpahci - ok
15:10:28.0543 3356  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
15:10:28.0585 3356  adpu320 - ok
15:10:28.0678 3356  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
15:10:28.0977 3356  AeLookupSvc - ok
15:10:29.0086 3356  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
15:10:29.0179 3356  AFD - ok
15:10:29.0235 3356  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:10:29.0271 3356  agp440 - ok
15:10:29.0327 3356  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
15:10:29.0400 3356  ALG - ok
15:10:29.0460 3356  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:10:29.0494 3356  aliide - ok
15:10:29.0517 3356  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:10:29.0550 3356  amdide - ok
15:10:29.0599 3356  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
15:10:29.0695 3356  AmdK8 - ok
15:10:29.0744 3356  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:10:29.0815 3356  AmdPPM - ok
15:10:29.0889 3356  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
15:10:29.0929 3356  amdsata - ok
15:10:29.0968 3356  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:10:30.0011 3356  amdsbs - ok
15:10:30.0044 3356  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
15:10:30.0082 3356  amdxata - ok
15:10:30.0221 3356  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:10:30.0255 3356  AntiVirSchedulerService - ok
15:10:30.0326 3356  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:10:30.0356 3356  AntiVirService - ok
15:10:30.0431 3356  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
15:10:30.0811 3356  AppID - ok
15:10:30.0913 3356  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:10:31.0082 3356  AppIDSvc - ok
15:10:31.0177 3356  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo        C:\Windows\System32\appinfo.dll
15:10:31.0243 3356  Appinfo - ok
15:10:31.0403 3356  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:10:31.0433 3356  Apple Mobile Device - ok
15:10:31.0503 3356  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
15:10:31.0553 3356  arc - ok
15:10:31.0593 3356  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:10:31.0653 3356  arcsas - ok
15:10:31.0843 3356  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:10:31.0883 3356  aspnet_state - ok
15:10:31.0913 3356  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:10:32.0013 3356  AsyncMac - ok
15:10:32.0083 3356  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
15:10:32.0103 3356  atapi - ok
15:10:32.0183 3356  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:10:32.0313 3356  athr - ok
15:10:32.0383 3356  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:10:32.0523 3356  AudioEndpointBuilder - ok
15:10:32.0543 3356  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:10:32.0653 3356  AudioSrv - ok
15:10:32.0713 3356  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:10:32.0793 3356  avgntflt - ok
15:10:32.0843 3356  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:10:32.0863 3356  avipbb - ok
15:10:32.0893 3356  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:10:32.0913 3356  avkmgr - ok
15:10:32.0963 3356  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:10:33.0073 3356  AxInstSV - ok
15:10:33.0123 3356  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
15:10:33.0223 3356  b06bdrv - ok
15:10:33.0253 3356  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:10:33.0313 3356  b57nd60a - ok
15:10:33.0443 3356  [ 2D659B569A76CDB83B815675A80D7096 ] BCM43XX        C:\Windows\system32\DRIVERS\bcmwl664.sys
15:10:33.0693 3356  BCM43XX - ok
15:10:33.0723 3356  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:10:33.0773 3356  BDESVC - ok
15:10:33.0793 3356  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:10:33.0894 3356  Beep - ok
15:10:33.0994 3356  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
15:10:34.0114 3356  BFE - ok
15:10:34.0154 3356  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
15:10:34.0344 3356  BITS - ok
15:10:34.0374 3356  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:10:34.0414 3356  blbdrive - ok
15:10:34.0524 3356  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:10:34.0554 3356  Bonjour Service - ok
15:10:34.0624 3356  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:10:34.0674 3356  bowser - ok
15:10:34.0724 3356  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:10:34.0804 3356  BrFiltLo - ok
15:10:34.0824 3356  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:10:34.0894 3356  BrFiltUp - ok
15:10:34.0954 3356  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:10:35.0054 3356  BridgeMP - ok
15:10:35.0114 3356  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
15:10:35.0174 3356  Browser - ok
15:10:35.0204 3356  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
15:10:35.0274 3356  Brserid - ok
15:10:35.0304 3356  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:10:35.0354 3356  BrSerWdm - ok
15:10:35.0374 3356  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:10:35.0424 3356  BrUsbMdm - ok
15:10:35.0444 3356  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:10:35.0484 3356  BrUsbSer - ok
15:10:35.0514 3356  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:10:35.0564 3356  BTHMODEM - ok
15:10:35.0604 3356  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
15:10:35.0694 3356  bthserv - ok
15:10:35.0724 3356  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:10:35.0834 3356  cdfs - ok
15:10:35.0914 3356  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\drivers\cdrom.sys
15:10:35.0954 3356  cdrom - ok
15:10:36.0004 3356  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
15:10:36.0104 3356  CertPropSvc - ok
15:10:36.0144 3356  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:10:36.0174 3356  circlass - ok
15:10:36.0204 3356  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:10:36.0244 3356  CLFS - ok
15:10:36.0304 3356  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:10:36.0324 3356  clr_optimization_v2.0.50727_32 - ok
15:10:36.0364 3356  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:10:36.0384 3356  clr_optimization_v2.0.50727_64 - ok
15:10:36.0534 3356  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:10:36.0554 3356  clr_optimization_v4.0.30319_32 - ok
15:10:36.0594 3356  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:10:36.0644 3356  clr_optimization_v4.0.30319_64 - ok
15:10:36.0704 3356  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:10:36.0734 3356  CmBatt - ok
15:10:36.0794 3356  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:10:36.0814 3356  cmdide - ok
15:10:36.0884 3356  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
15:10:36.0954 3356  CNG - ok
15:10:36.0994 3356  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:10:37.0024 3356  Compbatt - ok
15:10:37.0074 3356  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:10:37.0144 3356  CompositeBus - ok
15:10:37.0154 3356  COMSysApp - ok
15:10:37.0184 3356  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
15:10:37.0204 3356  crcdisk - ok
15:10:37.0264 3356  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:10:37.0314 3356  CryptSvc - ok
15:10:37.0404 3356  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:10:37.0464 3356  cvhsvc - ok
15:10:37.0534 3356  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:10:37.0664 3356  DcomLaunch - ok
15:10:37.0694 3356  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
15:10:37.0804 3356  defragsvc - ok
15:10:37.0864 3356  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:10:37.0984 3356  DfsC - ok
15:10:38.0064 3356  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:10:38.0134 3356  Dhcp - ok
15:10:38.0134 3356  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:10:38.0234 3356  discache - ok
15:10:38.0274 3356  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:10:38.0304 3356  Disk - ok
15:10:38.0344 3356  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:10:38.0414 3356  Dnscache - ok
15:10:38.0464 3356  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
15:10:38.0564 3356  dot3svc - ok
15:10:38.0624 3356  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
15:10:38.0724 3356  DPS - ok
15:10:38.0754 3356  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
15:10:38.0784 3356  drmkaud - ok
15:10:38.0884 3356  [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService  C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:10:38.0924 3356  DsiWMIService - ok
15:10:38.0994 3356  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
15:10:39.0084 3356  DXGKrnl - ok
15:10:39.0124 3356  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
15:10:39.0254 3356  EapHost - ok
15:10:39.0344 3356  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
15:10:39.0514 3356  ebdrv - ok
15:10:39.0574 3356  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
15:10:39.0624 3356  EFS - ok
15:10:39.0704 3356  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
15:10:39.0784 3356  ehRecvr - ok
15:10:39.0804 3356  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
15:10:39.0864 3356  ehSched - ok
15:10:39.0894 3356  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
15:10:39.0944 3356  elxstor - ok
15:10:40.0044 3356  [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc      C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
15:10:40.0104 3356  ePowerSvc - ok
15:10:40.0134 3356  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:10:40.0174 3356  ErrDev - ok
15:10:40.0204 3356  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
15:10:40.0314 3356  EventSystem - ok
15:10:40.0344 3356  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
15:10:40.0434 3356  exfat - ok
15:10:40.0464 3356  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
15:10:40.0554 3356  fastfat - ok
15:10:40.0634 3356  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
15:10:40.0714 3356  Fax - ok
15:10:40.0734 3356  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
15:10:40.0794 3356  fdc - ok
15:10:40.0804 3356  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
15:10:40.0914 3356  fdPHost - ok
15:10:40.0934 3356  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:10:41.0044 3356  FDResPub - ok
15:10:41.0064 3356  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:10:41.0094 3356  FileInfo - ok
15:10:41.0114 3356  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
15:10:41.0224 3356  Filetrace - ok
15:10:41.0254 3356  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:10:41.0294 3356  flpydisk - ok
15:10:41.0374 3356  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:10:41.0404 3356  FltMgr - ok
15:10:41.0504 3356  [ C4C183E6551084039EC862DA1C945E3D ] FontCache      C:\Windows\system32\FntCache.dll
15:10:41.0594 3356  FontCache - ok
15:10:41.0674 3356  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:10:41.0703 3356  FontCache3.0.0.0 - ok
15:10:41.0725 3356  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
15:10:41.0762 3356  FsDepends - ok
15:10:41.0809 3356  [ B16B626996C74B564005BA855C5DEE90 ] fssfltr        C:\Windows\system32\DRIVERS\fssfltr.sys
15:10:41.0853 3356  fssfltr - ok
15:10:42.0020 3356  [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:10:42.0160 3356  fsssvc - ok
15:10:42.0212 3356  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:10:42.0242 3356  Fs_Rec - ok
15:10:42.0302 3356  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:10:42.0354 3356  fvevol - ok
15:10:42.0398 3356  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:10:42.0430 3356  gagp30kx - ok
15:10:42.0512 3356  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:10:42.0534 3356  GEARAspiWDM - ok
15:10:42.0610 3356  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
15:10:42.0765 3356  gpsvc - ok
15:10:42.0837 3356  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:10:42.0857 3356  GREGService - ok
15:10:43.0166 3356  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:10:43.0187 3356  gupdate - ok
15:10:43.0233 3356  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:10:43.0254 3356  gupdatem - ok
15:10:43.0328 3356  [ 335F1796AB4AE621D34A7229D6EEFA95 ] HauppaugeTVServer C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE
15:10:43.0371 3356  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
15:10:43.0371 3356  HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1)
15:10:43.0394 3356  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:10:43.0448 3356  hcw85cir - ok
15:10:43.0520 3356  [ 7927EB9E64902FCAF126538F009C824C ] hcw95bda        C:\Windows\system32\Drivers\hcw95bda.sys
15:10:43.0578 3356  hcw95bda - ok
15:10:43.0597 3356  [ 6CC035E4B3FD9702ABEB71D3FF8B899E ] hcw95rc        C:\Windows\system32\DRIVERS\hcw95rc.sys
15:10:43.0630 3356  hcw95rc - ok
15:10:43.0707 3356  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:10:43.0767 3356  HdAudAddService - ok
15:10:43.0808 3356  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:10:43.0854 3356  HDAudBus - ok
15:10:43.0892 3356  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64        C:\Windows\system32\DRIVERS\HECIx64.sys
15:10:43.0913 3356  HECIx64 - ok
15:10:43.0938 3356  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
15:10:43.0975 3356  HidBatt - ok
15:10:43.0995 3356  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:10:44.0030 3356  HidBth - ok
15:10:44.0048 3356  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
15:10:44.0092 3356  HidIr - ok
15:10:44.0137 3356  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\System32\hidserv.dll
15:10:44.0242 3356  hidserv - ok
15:10:44.0263 3356  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:10:44.0286 3356  HidUsb - ok
15:10:44.0341 3356  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:10:44.0449 3356  hkmsvc - ok
15:10:44.0538 3356  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:10:44.0601 3356  HomeGroupListener - ok
15:10:44.0687 3356  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:10:44.0730 3356  HomeGroupProvider - ok
15:10:44.0753 3356  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:10:44.0775 3356  HpSAMD - ok
15:10:44.0857 3356  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:10:44.0976 3356  HTTP - ok
15:10:45.0051 3356  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:10:45.0070 3356  hwpolicy - ok
15:10:45.0124 3356  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:10:45.0146 3356  i8042prt - ok
15:10:45.0198 3356  [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:10:45.0228 3356  iaStor - ok
15:10:45.0296 3356  [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:10:45.0309 3356  IAStorDataMgrSvc - ok
15:10:45.0338 3356  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
15:10:45.0377 3356  iaStorV - ok
15:10:45.0435 3356  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:10:45.0484 3356  idsvc - ok
15:10:45.0733 3356  [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:10:46.0123 3356  igfx - ok
15:10:46.0161 3356  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
15:10:46.0183 3356  iirsp - ok
15:10:46.0224 3356  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:10:46.0344 3356  IKEEXT - ok
15:10:46.0395 3356  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd          C:\Windows\system32\DRIVERS\Impcd.sys
15:10:46.0449 3356  Impcd - ok
15:10:46.0543 3356  [ A3BCBD0F710580A07D1B929D787D36CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:10:46.0654 3356  IntcAzAudAddService - ok
15:10:46.0695 3356  [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:10:46.0742 3356  IntcDAud - ok
15:10:46.0759 3356  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:10:46.0775 3356  intelide - ok
15:10:46.0811 3356  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:10:46.0845 3356  intelppm - ok
15:10:46.0876 3356  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
15:10:46.0954 3356  IPBusEnum - ok
15:10:47.0006 3356  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:10:47.0092 3356  IpFilterDriver - ok
15:10:47.0157 3356  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:10:47.0230 3356  iphlpsvc - ok
15:10:47.0281 3356  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
15:10:47.0315 3356  IPMIDRV - ok
15:10:47.0337 3356  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
15:10:47.0404 3356  IPNAT - ok
15:10:47.0511 3356  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:10:47.0543 3356  iPod Service - ok
15:10:47.0562 3356  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:10:47.0624 3356  IRENUM - ok
15:10:47.0676 3356  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:10:47.0693 3356  isapnp - ok
15:10:47.0752 3356  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:10:47.0775 3356  iScsiPrt - ok
15:10:47.0820 3356  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr      C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
15:10:47.0836 3356  IviRegMgr - ok
15:10:47.0876 3356  [ C9B4ECC187581E5BF3F76648884B7829 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
15:10:47.0900 3356  k57nd60a - ok
15:10:47.0937 3356  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:10:47.0953 3356  kbdclass - ok
15:10:48.0019 3356  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:10:48.0054 3356  kbdhid - ok
15:10:48.0079 3356  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:10:48.0095 3356  KeyIso - ok
15:10:48.0148 3356  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:10:48.0165 3356  KSecDD - ok
15:10:48.0227 3356  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
15:10:48.0248 3356  KSecPkg - ok
15:10:48.0264 3356  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
15:10:48.0327 3356  ksthunk - ok
15:10:48.0372 3356  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
15:10:48.0457 3356  KtmRm - ok
15:10:48.0517 3356  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:10:48.0603 3356  LanmanServer - ok
15:10:48.0655 3356  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:10:48.0734 3356  LanmanWorkstation - ok
15:10:48.0765 3356  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:10:48.0843 3356  lltdio - ok
15:10:48.0882 3356  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
15:10:48.0967 3356  lltdsvc - ok
15:10:48.0988 3356  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
15:10:49.0065 3356  lmhosts - ok
15:10:49.0133 3356  [ DBC1136A62BD4DECC3632DF650284C2E ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:10:49.0154 3356  LMS - ok
15:10:49.0197 3356  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:10:49.0215 3356  LSI_FC - ok
15:10:49.0226 3356  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
15:10:49.0244 3356  LSI_SAS - ok
15:10:49.0266 3356  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:10:49.0285 3356  LSI_SAS2 - ok
15:10:49.0302 3356  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:10:49.0321 3356  LSI_SCSI - ok
15:10:49.0354 3356  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
15:10:49.0440 3356  luafv - ok
15:10:49.0495 3356  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
15:10:49.0527 3356  Mcx2Svc - ok
15:10:49.0542 3356  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
15:10:49.0559 3356  megasas - ok
15:10:49.0579 3356  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:10:49.0608 3356  MegaSR - ok
15:10:49.0629 3356  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
15:10:49.0732 3356  MMCSS - ok
15:10:49.0753 3356  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
15:10:49.0842 3356  Modem - ok
15:10:49.0859 3356  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
15:10:49.0893 3356  monitor - ok
15:10:49.0948 3356  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:10:49.0965 3356  mouclass - ok
15:10:49.0993 3356  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:10:50.0028 3356  mouhid - ok
15:10:50.0087 3356  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:10:50.0105 3356  mountmgr - ok
15:10:50.0211 3356  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:10:50.0233 3356  MozillaMaintenance - ok
15:10:50.0289 3356  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:10:50.0313 3356  mpio - ok
15:10:50.0330 3356  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:10:50.0395 3356  mpsdrv - ok
15:10:50.0460 3356  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:10:50.0564 3356  MpsSvc - ok
15:10:50.0610 3356  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:10:50.0656 3356  MRxDAV - ok
15:10:50.0689 3356  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:10:50.0737 3356  mrxsmb - ok
15:10:50.0800 3356  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:10:50.0840 3356  mrxsmb10 - ok
15:10:50.0877 3356  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:10:50.0918 3356  mrxsmb20 - ok
15:10:50.0951 3356  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:10:50.0968 3356  msahci - ok
15:10:50.0991 3356  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
15:10:51.0010 3356  msdsm - ok
15:10:51.0052 3356  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
15:10:51.0089 3356  MSDTC - ok
15:10:51.0134 3356  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:10:51.0199 3356  Msfs - ok
15:10:51.0222 3356  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
15:10:51.0300 3356  mshidkmdf - ok
15:10:51.0361 3356  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:10:51.0378 3356  msisadrv - ok
15:10:51.0427 3356  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
15:10:51.0497 3356  MSiSCSI - ok
15:10:51.0504 3356  msiserver - ok
15:10:51.0529 3356  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
15:10:51.0605 3356  MSKSSRV - ok
15:10:51.0620 3356  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:10:51.0676 3356  MSPCLOCK - ok
15:10:51.0697 3356  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
15:10:51.0761 3356  MSPQM - ok
15:10:51.0823 3356  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
15:10:51.0848 3356  MsRPC - ok
15:10:51.0860 3356  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:10:51.0876 3356  mssmbios - ok
15:10:51.0884 3356  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
15:10:51.0949 3356  MSTEE - ok
15:10:51.0971 3356  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:10:51.0997 3356  MTConfig - ok
15:10:52.0028 3356  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
15:10:52.0046 3356  Mup - ok
15:10:52.0109 3356  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:10:52.0191 3356  napagent - ok
15:10:52.0242 3356  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
15:10:52.0272 3356  NativeWifiP - ok
15:10:52.0345 3356  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:10:52.0390 3356  NDIS - ok
15:10:52.0411 3356  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
15:10:52.0468 3356  NdisCap - ok
15:10:52.0503 3356  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:10:52.0560 3356  NdisTapi - ok
15:10:52.0614 3356  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
15:10:52.0670 3356  Ndisuio - ok
15:10:52.0729 3356  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
15:10:52.0787 3356  NdisWan - ok
15:10:52.0836 3356  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
15:10:52.0902 3356  NDProxy - ok
15:10:52.0968 3356  [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl        C:\Windows\system32\DRIVERS\netaapl64.sys
15:10:53.0019 3356  Netaapl - ok
15:10:53.0031 3356  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
15:10:53.0097 3356  NetBIOS - ok
15:10:53.0160 3356  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
15:10:53.0229 3356  NetBT - ok
15:10:53.0245 3356  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:10:53.0261 3356  Netlogon - ok
15:10:53.0302 3356  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:10:53.0383 3356  Netman - ok
15:10:53.0447 3356  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:10:53.0463 3356  NetMsmqActivator - ok
15:10:53.0470 3356  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:10:53.0485 3356  NetPipeActivator - ok
15:10:53.0509 3356  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:10:53.0577 3356  netprofm - ok
15:10:53.0598 3356  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:10:53.0613 3356  NetTcpActivator - ok
15:10:53.0620 3356  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:10:53.0635 3356  NetTcpPortSharing - ok
15:10:53.0660 3356  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
15:10:53.0677 3356  nfrd960 - ok
15:10:53.0740 3356  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:10:53.0785 3356  NlaSvc - ok
15:10:53.0899 3356  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess      C:\Windows\SysWOW64\NMSAccess32.exe
15:10:53.0913 3356  NMSAccess - ok
15:10:53.0924 3356  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:10:53.0989 3356  Npfs - ok
15:10:54.0003 3356  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
15:10:54.0086 3356  nsi - ok
15:10:54.0114 3356  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:10:54.0185 3356  nsiproxy - ok
15:10:54.0269 3356  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:10:54.0356 3356  Ntfs - ok
15:10:54.0417 3356  [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
15:10:54.0434 3356  NTI IScheduleSvc - ok
15:10:54.0469 3356  [ 28C59F594044CBF8598B18C927097091 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
15:10:54.0481 3356  NTIBackupSvc - ok
15:10:54.0567 3356  [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr        C:\Windows\system32\drivers\NTIDrvr.sys
15:10:54.0580 3356  NTIDrvr - ok
15:10:54.0612 3356  [ B8D903B2894FF9AFBD99CA51C35590D7 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
15:10:54.0657 3356  NTISchedulerSvc - ok
15:10:54.0678 3356  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:10:54.0767 3356  Null - ok
15:10:54.0839 3356  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:10:54.0858 3356  nvraid - ok
15:10:54.0874 3356  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:10:54.0894 3356  nvstor - ok
15:10:54.0950 3356  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:10:54.0968 3356  nv_agp - ok
15:10:55.0022 3356  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:10:55.0057 3356  ohci1394 - ok
15:10:55.0107 3356  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:10:55.0124 3356  ose - ok
15:10:55.0276 3356  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:10:55.0467 3356  osppsvc - ok
15:10:55.0496 3356  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:10:55.0545 3356  p2pimsvc - ok
15:10:55.0574 3356  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:10:55.0610 3356  p2psvc - ok
15:10:55.0629 3356  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
15:10:55.0661 3356  Parport - ok
15:10:55.0716 3356  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
15:10:55.0733 3356  partmgr - ok
15:10:55.0754 3356  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:10:55.0793 3356  PcaSvc - ok
15:10:55.0809 3356  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
15:10:55.0829 3356  pci - ok
15:10:55.0848 3356  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:10:55.0863 3356  pciide - ok
15:10:55.0882 3356  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:10:55.0903 3356  pcmcia - ok
15:10:55.0928 3356  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
15:10:55.0945 3356  pcw - ok
15:10:55.0966 3356  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:10:56.0050 3356  PEAUTH - ok
15:10:56.0087 3356  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:10:56.0117 3356  PerfHost - ok
15:10:56.0206 3356  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
15:10:56.0320 3356  pla - ok
15:10:56.0367 3356  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:10:56.0421 3356  PlugPlay - ok
15:10:56.0505 3356  [ F485770EEC8959684CC4C4786B63C06C ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:10:56.0571 3356  Pml Driver HPZ12 - ok
15:10:56.0592 3356  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
15:10:56.0609 3356  PNRPAutoReg - ok
15:10:56.0630 3356  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
15:10:56.0651 3356  PNRPsvc - ok
15:10:56.0706 3356  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
15:10:56.0786 3356  PolicyAgent - ok
15:10:56.0820 3356  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
15:10:56.0883 3356  Power - ok
15:10:56.0942 3356  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:10:57.0009 3356  PptpMiniport - ok
15:10:57.0030 3356  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
15:10:57.0056 3356  Processor - ok
15:10:57.0116 3356  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
15:10:57.0152 3356  ProfSvc - ok
15:10:57.0167 3356  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:10:57.0184 3356  ProtectedStorage - ok
15:10:57.0243 3356  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:10:57.0324 3356  Psched - ok
15:10:57.0363 3356  [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2      C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:10:57.0379 3356  PSI_SVC_2 - ok
15:10:57.0420 3356  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:10:57.0496 3356  ql2300 - ok
15:10:57.0519 3356  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:10:57.0538 3356  ql40xx - ok
15:10:57.0560 3356  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
15:10:57.0591 3356  QWAVE - ok
15:10:57.0615 3356  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:10:57.0656 3356  QWAVEdrv - ok
15:10:57.0674 3356  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:10:57.0737 3356  RasAcd - ok
15:10:57.0766 3356  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
15:10:57.0854 3356  RasAgileVpn - ok
15:10:57.0882 3356  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
15:10:57.0962 3356  RasAuto - ok
15:10:58.0017 3356  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
15:10:58.0093 3356  Rasl2tp - ok
15:10:58.0159 3356  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:10:58.0258 3356  RasMan - ok
15:10:58.0283 3356  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:10:58.0367 3356  RasPppoe - ok
15:10:58.0386 3356  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
15:10:58.0456 3356  RasSstp - ok
15:10:58.0518 3356  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
15:10:58.0596 3356  rdbss - ok
15:10:58.0612 3356  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:10:58.0636 3356  rdpbus - ok
15:10:58.0651 3356  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:10:58.0709 3356  RDPCDD - ok
15:10:58.0748 3356  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:10:58.0818 3356  RDPENCDD - ok
15:10:58.0829 3356  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:10:58.0900 3356  RDPREFMP - ok
15:10:58.0949 3356  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
15:10:59.0006 3356  RDPWD - ok
15:10:59.0058 3356  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:10:59.0079 3356  rdyboost - ok
15:10:59.0119 3356  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:10:59.0193 3356  RemoteAccess - ok
15:10:59.0214 3356  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:10:59.0276 3356  RemoteRegistry - ok
15:10:59.0311 3356  [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:10:59.0339 3356  RimUsb - ok
15:10:59.0361 3356  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:10:59.0437 3356  RpcEptMapper - ok
15:10:59.0469 3356  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:10:59.0502 3356  RpcLocator - ok
15:10:59.0557 3356  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
15:10:59.0622 3356  RpcSs - ok
15:10:59.0642 3356  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:10:59.0714 3356  rspndr - ok
15:10:59.0778 3356  [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR      C:\Windows\system32\Drivers\RtsUStor.sys
15:10:59.0797 3356  RSUSBSTOR - ok
15:10:59.0862 3356  [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service      C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
15:10:59.0882 3356  RS_Service - ok
15:10:59.0901 3356  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
15:10:59.0919 3356  SamSs - ok
15:10:59.0967 3356  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:10:59.0984 3356  sbp2port - ok
15:11:00.0005 3356  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:11:00.0069 3356  SCardSvr - ok
15:11:00.0123 3356  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:11:00.0194 3356  scfilter - ok
15:11:00.0268 3356  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:11:00.0380 3356  Schedule - ok
15:11:00.0433 3356  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:11:00.0494 3356  SCPolicySvc - ok
15:11:00.0555 3356  SDFirewallService - ok
15:11:00.0569 3356  SDMonitorService - ok
15:11:00.0639 3356  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:11:00.0669 3356  SDRSVC - ok
15:11:00.0675 3356  SDScannerService - ok
15:11:00.0684 3356  SDUpdateService - ok
15:11:00.0694 3356  SDWSCService - ok
15:11:00.0761 3356  [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort        C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:11:00.0783 3356  SeaPort - ok
15:11:00.0825 3356  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:11:00.0891 3356  secdrv - ok
15:11:00.0949 3356  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:11:01.0018 3356  seclogon - ok
15:11:01.0042 3356  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
15:11:01.0116 3356  SENS - ok
15:11:01.0144 3356  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:11:01.0202 3356  SensrSvc - ok
15:11:01.0220 3356  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
15:11:01.0260 3356  Serenum - ok
15:11:01.0287 3356  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:11:01.0305 3356  Serial - ok
15:11:01.0355 3356  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:11:01.0390 3356  sermouse - ok
15:11:01.0467 3356  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:11:01.0530 3356  SessionEnv - ok
15:11:01.0578 3356  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
15:11:01.0623 3356  sffdisk - ok
15:11:01.0642 3356  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:11:01.0666 3356  sffp_mmc - ok
15:11:01.0687 3356  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
15:11:01.0716 3356  sffp_sd - ok
15:11:01.0723 3356  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
15:11:01.0739 3356  sfloppy - ok
15:11:01.0811 3356  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs          C:\Windows\system32\DRIVERS\Sftfslh.sys
15:11:01.0844 3356  Sftfs - ok
15:11:01.0929 3356  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:11:01.0954 3356  sftlist - ok
15:11:02.0001 3356  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay        C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:11:02.0021 3356  Sftplay - ok
15:11:02.0032 3356  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:11:02.0044 3356  Sftredir - ok
15:11:02.0065 3356  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
15:11:02.0077 3356  Sftvol - ok
15:11:02.0128 3356  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:11:02.0146 3356  sftvsa - ok
15:11:02.0194 3356  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:11:02.0266 3356  SharedAccess - ok
15:11:02.0328 3356  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:11:02.0407 3356  ShellHWDetection - ok
15:11:02.0443 3356  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:11:02.0459 3356  SiSRaid2 - ok
15:11:02.0466 3356  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:11:02.0482 3356  SiSRaid4 - ok
15:11:02.0546 3356  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
15:11:02.0561 3356  SkypeUpdate - ok
15:11:02.0578 3356  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
15:11:02.0650 3356  Smb - ok
15:11:02.0695 3356  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:11:02.0731 3356  SNMPTRAP - ok
15:11:02.0796 3356  [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan        C:\Windows\syswow64\speedfan.sys
15:11:02.0812 3356  speedfan - ok
15:11:02.0820 3356  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
15:11:02.0835 3356  spldr - ok
15:11:02.0892 3356  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
15:11:02.0934 3356  Spooler - ok
15:11:03.0040 3356  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:11:03.0207 3356  sppsvc - ok
15:11:03.0229 3356  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
15:11:03.0296 3356  sppuinotify - ok
15:11:03.0326 3356  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
15:11:03.0380 3356  srv - ok
15:11:03.0406 3356  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:11:03.0440 3356  srv2 - ok
15:11:03.0467 3356  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:11:03.0485 3356  srvnet - ok
15:11:03.0529 3356  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:11:03.0603 3356  SSDPSRV - ok
15:11:03.0661 3356  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
15:11:03.0674 3356  SSPORT - ok
15:11:03.0692 3356  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:11:03.0767 3356  SstpSvc - ok
15:11:03.0782 3356  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:11:03.0797 3356  stexstor - ok
15:11:03.0864 3356  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:11:03.0910 3356  stisvc - ok
15:11:03.0953 3356  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:11:03.0968 3356  swenum - ok
15:11:03.0988 3356  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
15:11:04.0074 3356  swprv - ok
15:11:04.0123 3356  [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
15:11:04.0147 3356  SynTP - ok
15:11:04.0226 3356  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
15:11:04.0325 3356  SysMain - ok
15:11:04.0378 3356  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:11:04.0425 3356  TabletInputService - ok
15:11:04.0484 3356  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:11:04.0566 3356  TapiSrv - ok
15:11:04.0582 3356  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
15:11:04.0657 3356  TBS - ok
15:11:04.0742 3356  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:11:04.0841 3356  Tcpip - ok
15:11:04.0884 3356  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:11:04.0948 3356  TCPIP6 - ok
15:11:05.0004 3356  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:11:05.0037 3356  tcpipreg - ok
15:11:05.0078 3356  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:11:05.0128 3356  TDPIPE - ok
15:11:05.0182 3356  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
15:11:05.0202 3356  TDTCP - ok
15:11:05.0261 3356  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:11:05.0341 3356  tdx - ok
15:11:05.0390 3356  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:11:05.0413 3356  TermDD - ok
15:11:05.0474 3356  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
15:11:05.0557 3356  TermService - ok
15:11:05.0589 3356  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:11:05.0617 3356  Themes - ok
15:11:05.0640 3356  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
15:11:05.0705 3356  THREADORDER - ok
15:11:05.0724 3356  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:11:05.0792 3356  TrkWks - ok
15:11:05.0864 3356  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:11:05.0945 3356  TrustedInstaller - ok
15:11:06.0001 3356  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:11:06.0068 3356  tssecsrv - ok
15:11:06.0126 3356  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:11:06.0191 3356  TsUsbFlt - ok
15:11:06.0282 3356  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:11:06.0366 3356  tunnel - ok
15:11:06.0383 3356  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:11:06.0401 3356  uagp35 - ok
15:11:06.0431 3356  [ 40079B0B801C5432BA435B5AD61CE6E3 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:11:06.0447 3356  UBHelper - ok
15:11:06.0532 3356  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:11:06.0600 3356  udfs - ok
15:11:06.0628 3356  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
15:11:06.0671 3356  UI0Detect - ok
15:11:06.0697 3356  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:11:06.0714 3356  uliagpkx - ok
15:11:06.0780 3356  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
15:11:06.0811 3356  umbus - ok
15:11:06.0831 3356  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:11:06.0865 3356  UmPass - ok
15:11:06.0967 3356  [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:11:07.0091 3356  UNS - ok
15:11:07.0143 3356  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:11:07.0168 3356  Updater Service - ok
15:11:07.0186 3356  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:11:07.0271 3356  upnphost - ok
15:11:07.0339 3356  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
15:11:07.0375 3356  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
15:11:07.0375 3356  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
15:11:07.0399 3356  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
15:11:07.0425 3356  usbccgp - ok
15:11:07.0474 3356  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:11:07.0515 3356  usbcir - ok
15:11:07.0534 3356  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
15:11:07.0564 3356  usbehci - ok
15:11:07.0586 3356  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:11:07.0623 3356  usbhub - ok
15:11:07.0650 3356  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
15:11:07.0676 3356  usbohci - ok
15:11:07.0697 3356  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:11:07.0719 3356  usbprint - ok
15:11:07.0778 3356  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
15:11:07.0804 3356  usbscan - ok
15:11:07.0829 3356  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:11:07.0857 3356  USBSTOR - ok
15:11:07.0876 3356  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
15:11:07.0904 3356  usbuhci - ok
15:11:07.0942 3356  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:11:07.0982 3356  usbvideo - ok
15:11:08.0009 3356  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
15:11:08.0092 3356  UxSms - ok
15:11:08.0134 3356  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:11:08.0154 3356  VaultSvc - ok
15:11:08.0251 3356  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:11:08.0268 3356  vdrvroot - ok
15:11:08.0320 3356  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
15:11:08.0396 3356  vds - ok
15:11:08.0415 3356  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
15:11:08.0440 3356  vga - ok
15:11:08.0462 3356  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
15:11:08.0525 3356  VgaSave - ok
15:11:08.0546 3356  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
15:11:08.0571 3356  vhdmp - ok
15:11:08.0621 3356  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:11:08.0637 3356  viaide - ok
15:11:08.0657 3356  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:11:08.0674 3356  volmgr - ok
15:11:08.0733 3356  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
15:11:08.0760 3356  volmgrx - ok
15:11:08.0779 3356  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
15:11:08.0803 3356  volsnap - ok
15:11:08.0827 3356  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
15:11:08.0847 3356  vsmraid - ok
15:11:08.0929 3356  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
15:11:09.0040 3356  VSS - ok
15:11:09.0056 3356  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:11:09.0081 3356  vwifibus - ok
15:11:09.0095 3356  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:11:09.0133 3356  vwififlt - ok
15:11:09.0165 3356  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
15:11:09.0191 3356  vwifimp - ok
15:11:09.0220 3356  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
15:11:09.0293 3356  W32Time - ok
15:11:09.0309 3356  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:11:09.0342 3356  WacomPen - ok
15:11:09.0383 3356  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:11:09.0463 3356  WANARP - ok
15:11:09.0469 3356  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:11:09.0533 3356  Wanarpv6 - ok
15:11:09.0615 3356  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
15:11:09.0689 3356  WatAdminSvc - ok
15:11:09.0755 3356  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:11:09.0856 3356  wbengine - ok
15:11:09.0877 3356  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:11:09.0917 3356  WbioSrvc - ok
15:11:09.0975 3356  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
15:11:10.0027 3356  wcncsvc - ok
15:11:10.0043 3356  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:11:10.0082 3356  WcsPlugInService - ok
15:11:10.0102 3356  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:11:10.0119 3356  Wd - ok
15:11:10.0195 3356  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:11:10.0237 3356  Wdf01000 - ok
15:11:10.0253 3356  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:11:10.0332 3356  WdiServiceHost - ok
15:11:10.0337 3356  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
15:11:10.0369 3356  WdiSystemHost - ok
15:11:10.0461 3356  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
15:11:10.0515 3356  WebClient - ok
15:11:10.0534 3356  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:11:10.0622 3356  Wecsvc - ok
15:11:10.0642 3356  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:11:10.0708 3356  wercplsupport - ok
15:11:10.0731 3356  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:11:10.0806 3356  WerSvc - ok
15:11:10.0836 3356  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:11:10.0897 3356  WfpLwf - ok
15:11:10.0915 3356  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:11:10.0931 3356  WIMMount - ok
15:11:10.0960 3356  WinDefend - ok
15:11:10.0972 3356  WinHttpAutoProxySvc - ok
15:11:11.0044 3356  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:11:11.0112 3356  Winmgmt - ok
15:11:11.0203 3356  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
15:11:11.0347 3356  WinRM - ok
15:11:11.0409 3356  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:11:11.0449 3356  WinUsb - ok
15:11:11.0499 3356  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
15:11:11.0543 3356  Wlansvc - ok
15:11:11.0741 3356  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:11:11.0852 3356  wlidsvc - ok
15:11:11.0891 3356  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
15:11:11.0907 3356  WmiAcpi - ok
15:11:11.0963 3356  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:11:11.0997 3356  wmiApSrv - ok
15:11:12.0019 3356  WMPNetworkSvc - ok
15:11:12.0039 3356  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:11:12.0067 3356  WPCSvc - ok
15:11:12.0123 3356  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:11:12.0161 3356  WPDBusEnum - ok
15:11:12.0200 3356  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:11:12.0260 3356  ws2ifsl - ok
15:11:12.0277 3356  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
15:11:12.0313 3356  wscsvc - ok
15:11:12.0319 3356  WSearch - ok
15:11:12.0421 3356  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:11:12.0528 3356  wuauserv - ok
15:11:12.0572 3356  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:11:12.0639 3356  WudfPf - ok
15:11:12.0668 3356  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:11:12.0687 3356  WUDFRd - ok
15:11:12.0738 3356  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
15:11:12.0774 3356  wudfsvc - ok
15:11:12.0821 3356  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc        C:\Windows\System32\wwansvc.dll
15:11:12.0873 3356  WwanSvc - ok
15:11:12.0913 3356  ================ Scan global ===============================
15:11:12.0943 3356  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:11:13.0001 3356  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:11:13.0012 3356  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:11:13.0041 3356  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:11:13.0078 3356  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:11:13.0083 3356  [Global] - ok
15:11:13.0084 3356  ================ Scan MBR ==================================
15:11:13.0126 3356  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:11:13.0497 3356  \Device\Harddisk0\DR0 - ok
15:11:13.0498 3356  ================ Scan VBR ==================================
15:11:13.0502 3356  [ 8E81E6D845553703D5FE2517C319756C ] \Device\Harddisk0\DR0\Partition1
15:11:13.0504 3356  \Device\Harddisk0\DR0\Partition1 - ok
15:11:13.0540 3356  [ 450B139333C593F50796E62F938EFE69 ] \Device\Harddisk0\DR0\Partition2
15:11:13.0542 3356  \Device\Harddisk0\DR0\Partition2 - ok
15:11:13.0543 3356  ============================================================
15:11:13.0543 3356  Scan finished
15:11:13.0543 3356  ============================================================
15:11:13.0564 3000  Detected object count: 2
15:11:13.0564 3000  Actual detected object count: 2
15:12:01.0543 3000  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:01.0544 3000  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:01.0545 3000  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:01.0545 3000  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 22.05.2013 14:32

JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




After that:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box "Scanne alle Benutzer" (Scan All Users)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Selo2 22.05.2013 15:16

So here are the results:

JRT


Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Mller on 22.05.2013 at 15:35:41,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2613550
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho1718.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1B7C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho233A.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3FC0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4D27.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4D83.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6386.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7EC0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho931F.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9B45.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9D7B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAAD0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB70F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE214.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEF7E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF142.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoFF08.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Mller\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Mller\appdata\locallow\conduit"
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{112DD5B3-26D5-4CC6-ABE5-53D44A9795E0}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{15262BD5-6E2A-4E28-9262-F21410E8C450}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{180033D0-0B3C-406C-99D4-40D2F015BC6E}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{1A6261B8-F998-4C19-8CE0-EDD712682602}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{2F4CDEE5-F34B-4D6B-9E9F-7E7FB92DBADC}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{3EB60CA6-5FAC-4236-88CE-A75B4D8CF770}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{3F9FD54A-3553-4F8F-9D64-8780F06531D8}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{7091C3FA-E089-4201-8351-7F43A17002FB}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{903CFB60-B3FF-4BA4-8B9D-3E85BEBBFF2D}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{AB1FA7FB-7179-43F3-92D1-7E5D56F3A92B}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{B359D8CE-035A-4286-BA30-D9A393E4EE89}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{B8101AE1-D876-485D-897F-B1B8AB2451E3}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{B9A6A22D-34FE-4A6D-8F52-532595D31D81}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{BB23C185-18FE-4E09-BF83-E3FAF353E2D5}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{C00E0939-4AB8-4524-B9BE-DB59E615A888}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{CECFF7A6-1864-4528-8AB7-2979ECF14ABD}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{D0F9691C-928B-4D9F-8BFE-52D6079439E1}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{E4973A0E-9B2B-41E4-A55B-A0C9AD48AA47}
Successfully deleted: [Empty Folder] C:\Users\Mller\appdata\local\{FAF0778F-FE36-40DA-82E7-666A7B1B90D7}



~~~ FireFox

Successfully deleted: [File] C:\Users\Mller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\user.js
Emptied folder: C:\Users\Mller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\minidumps [101 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.05.2013 at 15:42:29,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adw

Code:

# AdwCleaner v2.301 - Datei am 22/05/2013 um 16:07:44 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Müller - MÜLLER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Müller\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\MLLER~1\AppData\Local\Temp\Uninstall.exe
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Müller\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Müller\AppData\Roaming\Mozilla\Firefox\Profiles\bcmcfwmt.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [6781 octets] - [22/05/2013 16:07:44]

########## EOF - C:\AdwCleaner[S1].txt - [6841 octets] ##########

and the two from OTL

otl.txt

Code:

OTL logfile created on: 22.05.2013 15:46:57 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Müller\Desktop\Trojanerjagd
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,74 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 42,01% Memory free
5,48 Gb Paging File | 3,41 Gb Available in Paging File | 62,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 85,45 Gb Free Space | 30,09% Space Free | Partition Type: NTFS
 
Computer Name: MÜLLER-PC | User Name: Müller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Müller\Desktop\Trojanerjagd\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\ipmGui.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.01_windows_intelx86.exe ()
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe (Space Sciences Laboratory)
PRC - C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
PRC - C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Windows\SysWOW64\NMSAccess32.exe ()
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae113.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wkont13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae413.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wimp13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\whau213.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\whau113.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae313.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae213.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wmain13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-core.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-contribs-lib.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-shared.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.01_windows_intelx86.exe ()
MOD - C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-1-1a_upx.dll ()
MOD - C:\Program Files (x86)\Hardcopy\HcDllS.dll ()
MOD - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Hardcopy\hardcopy_03.dll ()
MOD - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Windows\SysWOW64\NMSAccess32.exe ()
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0006W1B000c&sku=&tstsId=&ver=&
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=174
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\SearchScopes\{CDEF11D8-7175-476A-973C-EC26CF68D561}: "URL" = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&q={searchTerms}&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0006W1B000c&sku=&tstsId=&ver=&&r=374
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Müller\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Müller\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010.10.28 01:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.10.28 01:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.10.28 01:28:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:53:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 17:35:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:53:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.05 21:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\Extensions
[2013.05.22 10:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions
[2013.02.09 12:32:48 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com
[2012.12.11 15:37:12 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.08 23:09:11 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\content\ff\view_expiry.js
[2012.01.02 22:44:50 | 000,002,484 | ---- | M] () -- C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\searchplugins\ixquick.xml
[2012.01.02 22:44:15 | 000,004,140 | ---- | M] () -- C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\searchplugins\youtube.xml
[2013.04.12 22:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\MüLLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCMCFWMT.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
File not found (No name found) -- C:\USERS\MüLLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCMCFWMT.DEFAULT\EXTENSIONS\DONOTTRACK@CHECKPOINT.COM
[2013.04.12 22:53:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.11 21:40:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 09:26:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.11 21:40:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 21:40:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 21:40:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 21:40:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com/
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\4.2.22.2_0\
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\bh\zonealarm.dll File not found
O2 - BHO: (no name) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\zonealarmTlbr.dll File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" File not found
O4 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPU$$.TMP ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {E9B39AC7-B9FB-48CA-84A0-1659A05F0003} hxxp://www.wohnmoebel.de/csschmal/install/KPSA-Home%20CSSchmal.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B8E5C8D-8193-4FFB-8D49-F598C5726D61}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E7D753E-167F-44E3-A0FB-BE7D4A626AEA}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 15:35:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 15:35:30 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 15:33:54 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Müller\Desktop\JRT.exe
[2013.05.22 13:48:19 | 000,000,000 | ---D | C] -- C:\Users\Müller\Desktop\Trojanerjagd
[2013.05.22 13:45:29 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOINC
[2013.05.22 12:59:32 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.05.22 12:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.05.22 12:16:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.22 11:29:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 11:29:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 11:29:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 10:52:34 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2013.05.22 10:49:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 10:48:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.17 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.16 21:07:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 21:07:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 21:07:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 21:07:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 21:07:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 21:07:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 21:07:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 21:07:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 21:07:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 21:07:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 21:07:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 21:07:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 21:07:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 21:07:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 21:07:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 20:28:42 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 20:28:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 20:28:41 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 20:28:40 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 20:27:32 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 20:27:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 20:27:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 21:13:03 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Roaming\Malwarebytes
[2013.05.15 21:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.15 21:12:09 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Local\Programs
[2013.05.02 21:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 15:47:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 15:34:31 | 000,632,031 | ---- | M] () -- C:\Users\Müller\Desktop\adwcleaner.exe
[2013.05.22 15:33:36 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Müller\Desktop\JRT.exe
[2013.05.22 15:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 14:47:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 13:46:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 13:46:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 13:37:50 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.22 13:37:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 13:37:32 | 2207,281,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 10:24:56 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013.05.20 17:21:43 | 000,017,469 | ---- | M] () -- C:\Users\Müller\Desktop\OTL.zip
[2013.05.20 14:40:29 | 000,000,000 | ---- | M] () -- C:\Users\Müller\defogger_reenable
[2013.05.17 15:18:38 | 000,000,862 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.17 14:19:10 | 000,283,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.16 21:11:35 | 001,636,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 21:11:35 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 21:11:35 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 21:11:35 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 21:11:35 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 20:21:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 20:21:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.07 21:45:48 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.05.02 21:35:47 | 000,002,135 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.05.02 21:35:47 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.22 15:34:44 | 000,632,031 | ---- | C] () -- C:\Users\Müller\Desktop\adwcleaner.exe
[2013.05.22 11:29:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 11:29:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 11:29:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 11:29:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 11:29:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.20 17:21:43 | 000,017,469 | ---- | C] () -- C:\Users\Müller\Desktop\OTL.zip
[2013.05.20 14:40:29 | 000,000,000 | ---- | C] () -- C:\Users\Müller\defogger_reenable
[2013.05.07 21:45:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.05.02 21:35:47 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2012.11.14 20:48:08 | 000,004,121 | ---- | C] () -- C:\Users\Müller\AppData\Local\recently-used.xbel
[2012.08.10 21:40:24 | 000,090,200 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.07.25 19:57:11 | 000,149,880 | ---- | C] () -- C:\Windows\Wiainst64.exe
[2012.07.23 21:54:07 | 000,074,250 | ---- | C] () -- C:\Windows\hpqins16.dat
[2011.11.03 21:22:56 | 000,000,557 | ---- | C] () -- C:\Windows\wininit.ini
[2011.11.01 12:12:22 | 000,000,000 | ---- | C] () -- C:\Users\Müller\AppData\Local\{3FF5667D-E263-484F-891F-EAC309149007}
[2011.10.16 20:39:15 | 000,360,891 | R--- | C] () -- C:\Program Files (x86)\musiCutter0.7.1.zip
[2011.10.09 10:53:42 | 000,006,268 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.07.15 00:12:14 | 000,000,089 | ---- | C] () -- C:\Windows\ob1.INI
[2011.07.14 20:32:05 | 000,000,862 | ---- | C] () -- C:\Windows\wiso.ini
[2011.07.06 21:05:22 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.07.06 21:02:03 | 000,017,408 | ---- | C] () -- C:\Users\Müller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.05 21:40:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.05 20:18:27 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.05 20:18:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.07.05 20:18:19 | 000,037,574 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.07.05 20:18:15 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011.07.05 20:17:52 | 000,007,250 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.07.05 18:31:22 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.27 09:59:31 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccess32.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2012.01.27 22:32:55 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?É) -- C:\Windows\SysNative\鷐É
[2012.01.27 22:32:55 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?É) -- C:\Windows\SysNative\鷐É

< End of report >

and

Extras.txt

Code:

OTL Extras logfile created on: 22.05.2013 15:46:57 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Müller\Desktop\Trojanerjagd
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,74 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 42,01% Memory free
5,48 Gb Paging File | 3,41 Gb Available in Paging File | 62,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 85,45 Gb Free Space | 30,09% Space Free | Partition Type: NTFS
 
Computer Name: MÜLLER-PC | User Name: Müller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037983C0-9FCC-4443-B1FE-B333D77E813D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{210D64F3-9399-4EF5-B49F-C98D8D3B3466}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3094B8A4-B10D-4D4F-B2FF-6876C9F16C9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3358D795-15D4-4449-AC25-B74424A48111}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3D6C8588-4A3A-4376-A2F1-40EE2C41D29C}" = lport=139 | protocol=6 | dir=in | app=system |
"{462FE069-10F0-4928-A768-BD273CA4858A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5271247C-BF3E-4F63-A144-DA498208F7CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56473A9D-AFEE-4FCD-99B7-4554089761AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E73A535-4DCA-480E-8B2B-17E2FA4B0B0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6FAE92C9-0F24-404B-BBA7-316FA9E6A5A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{727BECAF-F6F9-4EE3-ADC5-62411EE21291}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7296EC56-904B-4AD5-87A2-F3BFF3E78C7E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7ED09149-D4AF-4F23-8747-B0C05BC1AAFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8298D12C-94AC-4EEA-ABE8-DFB19141BD6D}" = rport=137 | protocol=17 | dir=out | app=system |
"{93AF0BC9-C091-4B1A-9934-CC3D86545C6E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9AAD660A-FD52-49A7-A85A-AC3F8B003FF9}" = lport=138 | protocol=17 | dir=in | app=system |
"{A0989F12-8C4D-4DE1-B00A-3A7BC2702A0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A42A3A89-B76A-43AE-8008-84AC1B44B07E}" = lport=445 | protocol=6 | dir=in | app=system |
"{AEEC2A9C-D2C2-495B-A0D7-5C951E5EEBED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8FB8CCA-B797-41DD-818D-8C465084C30B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B99BFB69-A00A-439C-A631-D8788D1E31A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C251AE31-DCB9-493C-8C6D-9CF73E97A20F}" = lport=137 | protocol=17 | dir=in | app=system |
"{D67FA821-DDEA-47D2-A61B-15547C7BFDE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E53B98D8-B8EB-4629-93D1-E8FB2B4B2C7B}" = rport=138 | protocol=17 | dir=out | app=system |
"{E8F500B5-C853-4637-B278-D074DE4F1D10}" = rport=445 | protocol=6 | dir=out | app=system |
"{EC5801E8-0730-4415-A84C-FF94FBA6C90E}" = rport=139 | protocol=6 | dir=out | app=system |
"{F696A0D4-09A5-4086-A987-2DB64CC929AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BE36ED-8157-4EED-B1BE-4E0D8923C7E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{04D77C18-4E61-49B9-B1B6-01AC37700E38}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{1A3DE25E-E895-40D1-BA7E-5264DF424745}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{268B17C2-0377-45EE-B1B0-8BAB8B8EB42E}" = protocol=17 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe |
"{2AED3336-4A68-412B-8E84-06D3670F9A18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C894595-FFAB-4BA7-84F0-8EB799280814}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{31FE257B-2ACA-4CA4-B9D1-B619729F3CD4}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{3B537895-A349-4C88-92E6-4B15E5D17F8F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3BF6B39B-6AF6-4178-9266-7D51A7C26754}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{3DBC8D6B-7EFA-4599-979A-A949AF5B77A8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{44815305-2423-438B-80B1-D9CF48265FE9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{48F4025F-533B-40E4-9DE3-5F431E0A5D65}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{5E9A1B3D-4808-4788-8AB3-9DE5EBD2FA9D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5F475D12-AE73-474E-8F85-55F45B218D1F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6A91EB36-C002-4619-A6AC-F46C82F336D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F7931D3-3EEB-4905-AB14-EC7AA770FD7A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{6F929E99-AAEB-45DC-827D-7AB54F342DCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{753093D2-2B5E-4A9E-89E4-CADAC1AA8B11}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3400\scnsearch\usdagent.exe |
"{756EF8F6-0EC4-4E3D-8BE0-52313827A572}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{77B5DC8A-AC97-47C0-BDD1-9A40398C33CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78233441-4605-4449-91C7-02CC0C9F586B}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{7A69688A-788A-4B6D-B000-7912442696F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{837D21E1-3021-4242-AC1A-E3B7E313C73B}" = dir=in | app=c:\users\müller\appdata\local\microsoft\skydrive\skydrive.exe |
"{848871DC-2F4F-4E88-8A9C-27C86C7C29CA}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{88796B9F-795C-4FB2-BE3D-BCD4EB0B7621}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8970F89E-AF67-4F2B-9A1E-B30186CF52D1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8B4945DC-67B5-4246-89BE-20A34E762F72}" = protocol=6 | dir=out | app=system |
"{91131C1F-9B0F-43FF-9E9C-F82D36A85DD1}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{922AF9C4-6C1D-4E13-950D-174C46DB8049}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9344825E-70F4-4E6F-BA32-FBE9D119C2BB}" = protocol=17 | dir=in | app=d:\alicecd.exe |
"{98AB0D88-4710-44AE-8401-BA0B306B46BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{98BA6EB7-0057-4155-886C-A23967A449EC}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{994F7B0C-2FDF-4EA2-A3E9-12F2DCD1B43D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CF2F72C-34BD-4372-AC75-84A4F96E5BCF}" = protocol=6 | dir=in | app=d:\alicecd.exe |
"{9DF72673-EB2A-48E7-8821-4D8BE443D765}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{9F8DE2AF-7D49-4EEE-9D20-EDB79F12C2D8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AF2D442F-B33A-4429-8C2C-B4127184238F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{B448A03D-AC51-4A30-871C-0A5BD18A7545}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B66D9501-A4A7-4091-8A7F-D5BFAAD98191}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{BA55E176-A262-4095-8B6F-4EC300A1917B}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{BE158759-2B6A-42F3-B0C2-205741556F8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5E9F30D-31DF-499B-A1A7-AA2F67CA2F31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C7DD36EF-884A-4108-81AF-B9AC5D868BE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C837A472-3E72-46A5-A7D0-D01E86F88477}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{CD95844F-10F9-4E2B-AC94-F127B632040F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CF4AD5A0-0E0E-4464-A95A-BCCA028FCFBD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D647E2C0-ABC3-461B-8D80-AE4D88E59F95}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3400\scnsearch\usdagent.exe |
"{D8E587AB-F053-40AF-92E3-CCE4945409DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD8413E6-33E3-4101-A893-6F9D6A36C7B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E15B2EA1-F0F0-4665-9CC4-524BC4C34061}" = protocol=6 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe |
"{E80527BF-7B14-4AEF-990D-57F1C1BADE65}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{EAF67748-9438-431A-9DA6-83E747A36781}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDFDDD50-CD4A-44CE-809C-F307B5895E2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA63E66A-7152-4452-BE37-8C02B47A2E71}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{FB327F1A-B0DB-4351-A538-883AFCE484B3}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{FBCE4981-A66D-41D6-8780-AFCC15FA8F1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{3E652411-9122-4EFF-BAE0-114DE95E7476}C:\program files (x86)\spybot - search & destroy 2\sdtray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdtray.exe |
"UDP Query User{9E4F39CE-BFEB-496E-8741-7AFCCDFBBCA2}C:\program files (x86)\spybot - search & destroy 2\sdtray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdtray.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68D2AC29-B594-466A-8D6F-238FA2135BB5}" = BOINC
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Scribus 1.4.2" = Scribus 1.4.2 (64bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{36F71986-194C-46E9-9612-0238ED00CA11}" = KPSA-Home
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1ABB265-926B-481C-8A51-8125566DFE82}" = Polar WebLink 2.4.13
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{cb41fc68-4442-4f7f-b22f-8f31c74897ac}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F2DA54F3-F7FB-4AE8-9B33-BEA5391E4A03}" = Z-DBackup
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"AC3Filter_is1" = AC3Filter 2.5b
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"ChargeMonitor_is1" = ChargeMonitor V1.2
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FileZilla Client" = FileZilla Client 3.6.0.2
"Free Audio Converter_is1" = Free Audio Converter version 5.0.4.1228
"Free Audio Editor_is1" = Free Audio Editor v9.0.1
"Free Studio_is1" = Free Studio version 5.3.3
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"IrfanView" = IrfanView (remove only)
"KPSA-Home" = KPSA-Home
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LManager" = Launch Manager
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSD Sovereign_is1" = MSD Sovereign
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Pixum Fotobuch" = Pixum Fotobuch
"Revo Uninstaller" = Revo Uninstaller 1.94
"Room Arranger" = Room Arranger (remove only)
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-3400 Series" = Samsung SCX-3400 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SpeedFan" = SpeedFan (remove only)
"Star Trek XI PCAP Ops Screen_is1" = Star Trek XI PCAP Ops Screen
"The Off By One Web Browser" = The Off By One Web Browser
"TIPP10_is1" = TIPP10 Version 2.1.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
Error encountered while reading event logs.
 
< End of report >


cosinus 22.05.2013 15:24

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
FF - user.js - File not found
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\bh\zonealarm.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.3.16\zonealarmTlbr.dll File not found
[2013.02.09 12:32:48 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com
[2013.02.08 23:09:11 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\content\ff\view_expiry.js
[2012.01.02 22:44:50 | 000,002,484 | ---- | M] () -- C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\searchplugins\ixquick.xml
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0006W1B000c&sku=&tstsId=&ver=&
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\SearchScopes\{CDEF11D8-7175-476A-973C-EC26CF68D561}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&q={searchTerms}&gu=515143689ac94bfa93db799b70f05c0e&tu=10GX0006W1B000c&sku=&tstsId=&ver=&&r=374
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you obscured your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Selo2 22.05.2013 15:56

Here is the content of the OTL file

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}\ deleted successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\META-INF folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\defaults\preferences folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\defaults folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\components folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\skin folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\locale\nl folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\locale\jp folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\locale\it folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\locale\fr folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\locale\es folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\locale\en folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\locale\de folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\locale folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\content\templates folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\content\reports folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\content\images folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\content\ff folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\content\css folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\content folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome folder moved successfully.
C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com folder moved successfully.
File C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\extensions\donottrack@checkpoint.com\chrome\content\ff\view_expiry.js not found.
C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\searchplugins\ixquick.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\ not found.
File C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker not found.
Prefs.js: donottrack%40checkpoint.com:2.2.5.1213 removed from extensions.enabledAddons
HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CDEF11D8-7175-476A-973C-EC26CF68D561}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDEF11D8-7175-476A-973C-EC26CF68D561}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Müller\Desktop\Trojanerjagd\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: boinc_master
->Temp folder emptied: 348 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Müller
->Temp folder emptied: 86872487 bytes
->Temporary Internet Files folder emptied: 197411217 bytes
->FireFox cache emptied: 85295880 bytes
->Google Chrome cache emptied: 8397146 bytes
->Flash cache emptied: 684195 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38906 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50635 bytes
RecycleBin emptied: 225894678 bytes
 
Total Files Cleaned = 577,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 05222013_164654

Files\Folders moved on Reboot...
C:\Users\Müller\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
C:\Windows\temp\JET297F.tmp moved successfully.
C:\Windows\temp\JETB5B7.tmp moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

After the reboot, the message was still displayed.

cosinus 22.05.2013 20:12

A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users box at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

Selo2 22.05.2013 22:23

Here is the second OTL scan

Code:

OTL logfile created on: 22.05.2013 23:02:55 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Müller\Desktop\Trojanerjagd
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,74 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 52,81% Memory free
5,48 Gb Paging File | 3,68 Gb Available in Paging File | 67,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 85,72 Gb Free Space | 30,18% Space Free | Partition Type: NTFS
 
Computer Name: MÜLLER-PC | User Name: Müller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Müller\Desktop\Trojanerjagd\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
PRC - C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Windows\SysWOW64\NMSAccess32.exe ()
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae113.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wkont13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae413.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wimp13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\whau213.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\whau113.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae313.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae213.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wmain13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-core.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-contribs-lib.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-shared.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Hardcopy\HcDllS.dll ()
MOD - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Hardcopy\hardcopy_03.dll ()
MOD - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Windows\SysWOW64\NMSAccess32.exe ()
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=174
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Müller\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Müller\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010.10.28 01:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.10.28 01:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.10.28 01:28:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:53:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 17:35:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:53:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.05 21:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\Extensions
[2013.05.22 10:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions
[2012.12.11 15:37:12 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.01.02 22:44:15 | 000,004,140 | ---- | M] () -- C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\searchplugins\youtube.xml
[2013.04.12 22:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\MüLLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCMCFWMT.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
[2013.04.12 22:53:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.11 21:40:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 09:26:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.11 21:40:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 21:40:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 21:40:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 21:40:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com/
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\4.2.22.2_0\
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" File not found
O4 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - Startup: C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPU$$.TMP ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {E9B39AC7-B9FB-48CA-84A0-1659A05F0003} hxxp://www.wohnmoebel.de/csschmal/install/KPSA-Home%20CSSchmal.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B8E5C8D-8193-4FFB-8D49-F598C5726D61}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E7D753E-167F-44E3-A0FB-BE7D4A626AEA}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 16:46:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.22 15:35:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 15:35:30 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 13:48:19 | 000,000,000 | ---D | C] -- C:\Users\Müller\Desktop\Trojanerjagd
[2013.05.22 13:45:29 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOINC
[2013.05.22 12:59:32 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.05.22 12:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.05.22 12:16:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.22 11:29:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 11:29:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 11:29:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 10:52:34 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2013.05.22 10:49:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 10:48:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.17 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.16 21:07:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 21:07:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 21:07:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 21:07:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 21:07:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 21:07:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 21:07:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 21:07:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 21:07:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 21:07:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 21:07:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 21:07:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 21:07:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 21:07:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 21:07:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 20:28:42 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 20:28:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 20:28:41 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 20:28:40 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 20:27:32 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 20:27:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 20:27:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 21:13:03 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Roaming\Malwarebytes
[2013.05.15 21:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.15 21:12:09 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Local\Programs
[2013.05.02 21:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 23:01:04 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 23:01:04 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 22:53:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 22:52:46 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.22 22:52:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 22:52:35 | 2207,281,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 17:47:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 17:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 16:10:15 | 000,291,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 10:24:56 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013.05.20 17:21:43 | 000,017,469 | ---- | M] () -- C:\Users\Müller\Desktop\OTL.zip
[2013.05.20 14:40:29 | 000,000,000 | ---- | M] () -- C:\Users\Müller\defogger_reenable
[2013.05.17 15:18:38 | 000,000,862 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.16 21:11:35 | 001,636,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 21:11:35 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 21:11:35 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 21:11:35 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 21:11:35 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 20:21:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 20:21:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.07 21:45:48 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.05.02 21:35:47 | 000,002,135 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.05.02 21:35:47 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.22 11:29:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 11:29:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 11:29:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 11:29:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 11:29:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.20 17:21:43 | 000,017,469 | ---- | C] () -- C:\Users\Müller\Desktop\OTL.zip
[2013.05.20 14:40:29 | 000,000,000 | ---- | C] () -- C:\Users\Müller\defogger_reenable
[2013.05.07 21:45:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.05.02 21:35:47 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2012.11.14 20:48:08 | 000,004,121 | ---- | C] () -- C:\Users\Müller\AppData\Local\recently-used.xbel
[2012.08.10 21:40:24 | 000,090,200 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.07.25 19:57:11 | 000,149,880 | ---- | C] () -- C:\Windows\Wiainst64.exe
[2012.07.23 21:54:07 | 000,074,250 | ---- | C] () -- C:\Windows\hpqins16.dat
[2011.11.03 21:22:56 | 000,000,557 | ---- | C] () -- C:\Windows\wininit.ini
[2011.11.01 12:12:22 | 000,000,000 | ---- | C] () -- C:\Users\Müller\AppData\Local\{3FF5667D-E263-484F-891F-EAC309149007}
[2011.10.16 20:39:15 | 000,360,891 | R--- | C] () -- C:\Program Files (x86)\musiCutter0.7.1.zip
[2011.10.09 10:53:42 | 000,006,268 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.07.15 00:12:14 | 000,000,089 | ---- | C] () -- C:\Windows\ob1.INI
[2011.07.14 20:32:05 | 000,000,862 | ---- | C] () -- C:\Windows\wiso.ini
[2011.07.06 21:05:22 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.07.06 21:02:03 | 000,017,408 | ---- | C] () -- C:\Users\Müller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.05 21:40:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.05 20:18:27 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.05 20:18:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.07.05 20:18:19 | 000,037,574 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.07.05 20:18:15 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011.07.05 20:17:52 | 000,007,250 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.07.05 18:31:22 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.27 09:59:31 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccess32.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2012.01.27 22:32:55 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?É) -- C:\Windows\SysNative\鷐É
[2012.01.27 22:32:55 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?É) -- C:\Windows\SysNative\鷐É

< End of report >

I noticed that only one file was created: the OTL.txt.

I'll run the scan again.

Repeated the same scan once more. Only one file.

Code:

OTL logfile created on: 22.05.2013 23:25:28 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Müller\Desktop\Trojanerjagd
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,74 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 46,03% Memory free
5,48 Gb Paging File | 3,60 Gb Available in Paging File | 65,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 85,72 Gb Free Space | 30,18% Space Free | Partition Type: NTFS
 
Computer Name: MÜLLER-PC | User Name: Müller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Müller\Desktop\Trojanerjagd\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
PRC - C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Windows\SysWOW64\NMSAccess32.exe ()
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae113.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wkont13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae413.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wimp13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\whau213.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\whau113.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae313.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wbae213.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\wmain13.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-core.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-contribs-lib.dll ()
MOD - C:\Program Files (x86)\WISO\Steuersoftware 2013\clucene-shared.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Hardcopy\HcDllS.dll ()
MOD - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Hardcopy\hardcopy_03.dll ()
MOD - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE (Hauppauge Computer Works)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Windows\SysWOW64\NMSAccess32.exe ()
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (hcw95rc) -- C:\Windows\SysNative\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw95bda) -- C:\Windows\SysNative\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=174
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Müller\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Müller\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010.10.28 01:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.10.28 01:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.10.28 01:28:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:53:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 17:35:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:53:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.07.05 21:40:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\Extensions
[2013.05.22 10:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\Firefox\Profiles\bcmcfwmt.default\extensions
[2012.12.11 15:37:12 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.01.02 22:44:15 | 000,004,140 | ---- | M] () -- C:\Users\Müller\AppData\Roaming\mozilla\firefox\profiles\bcmcfwmt.default\searchplugins\youtube.xml
[2013.04.12 22:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\MüLLER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BCMCFWMT.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.XPI
[2013.04.12 22:53:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.11 21:40:42 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 09:26:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.11 21:40:42 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 21:40:42 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 21:40:42 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 21:40:42 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com/
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\4.2.22.2_0\
CHR - Extension: No name found = C:\Users\Müller\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" File not found
O4 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - Startup: C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPU$$.TMP ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Müller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {E9B39AC7-B9FB-48CA-84A0-1659A05F0003} hxxp://www.wohnmoebel.de/csschmal/install/KPSA-Home%20CSSchmal.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B8E5C8D-8193-4FFB-8D49-F598C5726D61}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E7D753E-167F-44E3-A0FB-BE7D4A626AEA}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 16:46:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.22 15:35:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.22 15:35:30 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.22 13:48:19 | 000,000,000 | ---D | C] -- C:\Users\Müller\Desktop\Trojanerjagd
[2013.05.22 13:45:29 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOINC
[2013.05.22 12:59:32 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.05.22 12:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.05.22 12:16:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.22 11:29:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 11:29:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 11:29:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 10:52:34 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2013.05.22 10:49:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 10:48:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.17 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.05.16 21:07:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.16 21:07:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.16 21:07:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 21:07:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.16 21:07:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.16 21:07:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 21:07:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.16 21:07:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.16 21:07:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 21:07:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.16 21:07:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.16 21:07:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 21:07:06 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 21:07:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 21:07:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.16 20:28:42 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 20:28:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 20:28:41 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 20:28:40 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 20:27:32 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 20:27:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 20:27:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 21:13:03 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Roaming\Malwarebytes
[2013.05.15 21:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.15 21:12:09 | 000,000,000 | ---D | C] -- C:\Users\Müller\AppData\Local\Programs
[2013.05.02 21:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 23:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 23:01:04 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 23:01:04 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 22:53:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 22:52:46 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.22 22:52:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 22:52:35 | 2207,281,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 17:47:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 16:10:15 | 000,291,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 10:24:56 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013.05.20 17:21:43 | 000,017,469 | ---- | M] () -- C:\Users\Müller\Desktop\OTL.zip
[2013.05.20 14:40:29 | 000,000,000 | ---- | M] () -- C:\Users\Müller\defogger_reenable
[2013.05.17 15:18:38 | 000,000,862 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.16 21:11:35 | 001,636,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.16 21:11:35 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.16 21:11:35 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.16 21:11:35 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.16 21:11:35 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 20:21:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 20:21:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.07 21:45:48 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.05.02 21:35:47 | 000,002,135 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
[2013.05.02 21:35:47 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp files -> C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.22 11:29:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 11:29:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 11:29:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 11:29:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 11:29:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.20 17:21:43 | 000,017,469 | ---- | C] () -- C:\Users\Müller\Desktop\OTL.zip
[2013.05.20 14:40:29 | 000,000,000 | ---- | C] () -- C:\Users\Müller\defogger_reenable
[2013.05.07 21:45:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.05.02 21:35:47 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk
[2012.11.14 20:48:08 | 000,004,121 | ---- | C] () -- C:\Users\Müller\AppData\Local\recently-used.xbel
[2012.08.10 21:40:24 | 000,090,200 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.07.25 19:57:11 | 000,149,880 | ---- | C] () -- C:\Windows\Wiainst64.exe
[2012.07.23 21:54:07 | 000,074,250 | ---- | C] () -- C:\Windows\hpqins16.dat
[2011.11.03 21:22:56 | 000,000,557 | ---- | C] () -- C:\Windows\wininit.ini
[2011.11.01 12:12:22 | 000,000,000 | ---- | C] () -- C:\Users\Müller\AppData\Local\{3FF5667D-E263-484F-891F-EAC309149007}
[2011.10.16 20:39:15 | 000,360,891 | R--- | C] () -- C:\Program Files (x86)\musiCutter0.7.1.zip
[2011.10.09 10:53:42 | 000,006,268 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.07.15 00:12:14 | 000,000,089 | ---- | C] () -- C:\Windows\ob1.INI
[2011.07.14 20:32:05 | 000,000,862 | ---- | C] () -- C:\Windows\wiso.ini
[2011.07.06 21:05:22 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.07.06 21:02:03 | 000,017,408 | ---- | C] () -- C:\Users\Müller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.05 21:40:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.07.05 20:18:27 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.05 20:18:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.07.05 20:18:19 | 000,037,574 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.07.05 20:18:15 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011.07.05 20:17:52 | 000,007,250 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011.07.05 18:31:22 | 001,592,786 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.27 09:59:31 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccess32.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2012.01.27 22:32:55 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?É) -- C:\Windows\SysNative\鷐É
[2012.01.27 22:32:55 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?É) -- C:\Windows\SysNative\鷐É

< End of report >


Selo2 22.05.2013 22:44

Wait, here is the Extra.txt file:

Code:

OTL Extras logfile created on: 22.05.2013 23:25:28 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Müller\Desktop\Trojanerjagd
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,74 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 46,03% Memory free
5,48 Gb Paging File | 3,60 Gb Available in Paging File | 65,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,99 Gb Total Space | 85,72 Gb Free Space | 30,18% Space Free | Partition Type: NTFS
 
Computer Name: MÜLLER-PC | User Name: Müller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037983C0-9FCC-4443-B1FE-B333D77E813D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{210D64F3-9399-4EF5-B49F-C98D8D3B3466}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3094B8A4-B10D-4D4F-B2FF-6876C9F16C9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3358D795-15D4-4449-AC25-B74424A48111}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3D6C8588-4A3A-4376-A2F1-40EE2C41D29C}" = lport=139 | protocol=6 | dir=in | app=system |
"{462FE069-10F0-4928-A768-BD273CA4858A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5271247C-BF3E-4F63-A144-DA498208F7CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56473A9D-AFEE-4FCD-99B7-4554089761AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E73A535-4DCA-480E-8B2B-17E2FA4B0B0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6FAE92C9-0F24-404B-BBA7-316FA9E6A5A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{727BECAF-F6F9-4EE3-ADC5-62411EE21291}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7296EC56-904B-4AD5-87A2-F3BFF3E78C7E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7ED09149-D4AF-4F23-8747-B0C05BC1AAFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8298D12C-94AC-4EEA-ABE8-DFB19141BD6D}" = rport=137 | protocol=17 | dir=out | app=system |
"{93AF0BC9-C091-4B1A-9934-CC3D86545C6E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9AAD660A-FD52-49A7-A85A-AC3F8B003FF9}" = lport=138 | protocol=17 | dir=in | app=system |
"{A0989F12-8C4D-4DE1-B00A-3A7BC2702A0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A42A3A89-B76A-43AE-8008-84AC1B44B07E}" = lport=445 | protocol=6 | dir=in | app=system |
"{AEEC2A9C-D2C2-495B-A0D7-5C951E5EEBED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8FB8CCA-B797-41DD-818D-8C465084C30B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B99BFB69-A00A-439C-A631-D8788D1E31A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C251AE31-DCB9-493C-8C6D-9CF73E97A20F}" = lport=137 | protocol=17 | dir=in | app=system |
"{D67FA821-DDEA-47D2-A61B-15547C7BFDE8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E53B98D8-B8EB-4629-93D1-E8FB2B4B2C7B}" = rport=138 | protocol=17 | dir=out | app=system |
"{E8F500B5-C853-4637-B278-D074DE4F1D10}" = rport=445 | protocol=6 | dir=out | app=system |
"{EC5801E8-0730-4415-A84C-FF94FBA6C90E}" = rport=139 | protocol=6 | dir=out | app=system |
"{F696A0D4-09A5-4086-A987-2DB64CC929AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BE36ED-8157-4EED-B1BE-4E0D8923C7E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{04D77C18-4E61-49B9-B1B6-01AC37700E38}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{1A3DE25E-E895-40D1-BA7E-5264DF424745}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{268B17C2-0377-45EE-B1B0-8BAB8B8EB42E}" = protocol=17 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe |
"{2AED3336-4A68-412B-8E84-06D3670F9A18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C894595-FFAB-4BA7-84F0-8EB799280814}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{31FE257B-2ACA-4CA4-B9D1-B619729F3CD4}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{3B537895-A349-4C88-92E6-4B15E5D17F8F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3BF6B39B-6AF6-4178-9266-7D51A7C26754}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{3DBC8D6B-7EFA-4599-979A-A949AF5B77A8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{44815305-2423-438B-80B1-D9CF48265FE9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{48F4025F-533B-40E4-9DE3-5F431E0A5D65}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{5E9A1B3D-4808-4788-8AB3-9DE5EBD2FA9D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5F475D12-AE73-474E-8F85-55F45B218D1F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6A91EB36-C002-4619-A6AC-F46C82F336D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F7931D3-3EEB-4905-AB14-EC7AA770FD7A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{6F929E99-AAEB-45DC-827D-7AB54F342DCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{753093D2-2B5E-4A9E-89E4-CADAC1AA8B11}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3400\scnsearch\usdagent.exe |
"{756EF8F6-0EC4-4E3D-8BE0-52313827A572}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{77B5DC8A-AC97-47C0-BDD1-9A40398C33CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78233441-4605-4449-91C7-02CC0C9F586B}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{7A69688A-788A-4B6D-B000-7912442696F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{837D21E1-3021-4242-AC1A-E3B7E313C73B}" = dir=in | app=c:\users\müller\appdata\local\microsoft\skydrive\skydrive.exe |
"{848871DC-2F4F-4E88-8A9C-27C86C7C29CA}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{88796B9F-795C-4FB2-BE3D-BCD4EB0B7621}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8970F89E-AF67-4F2B-9A1E-B30186CF52D1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8B4945DC-67B5-4246-89BE-20A34E762F72}" = protocol=6 | dir=out | app=system |
"{91131C1F-9B0F-43FF-9E9C-F82D36A85DD1}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{922AF9C4-6C1D-4E13-950D-174C46DB8049}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{9344825E-70F4-4E6F-BA32-FBE9D119C2BB}" = protocol=17 | dir=in | app=d:\alicecd.exe |
"{98AB0D88-4710-44AE-8401-BA0B306B46BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{98BA6EB7-0057-4155-886C-A23967A449EC}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{994F7B0C-2FDF-4EA2-A3E9-12F2DCD1B43D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CF2F72C-34BD-4372-AC75-84A4F96E5BCF}" = protocol=6 | dir=in | app=d:\alicecd.exe |
"{9DF72673-EB2A-48E7-8821-4D8BE443D765}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{9F8DE2AF-7D49-4EEE-9D20-EDB79F12C2D8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AF2D442F-B33A-4429-8C2C-B4127184238F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{B448A03D-AC51-4A30-871C-0A5BD18A7545}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B66D9501-A4A7-4091-8A7F-D5BFAAD98191}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{BA55E176-A262-4095-8B6F-4EC300A1917B}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{BE158759-2B6A-42F3-B0C2-205741556F8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5E9F30D-31DF-499B-A1A7-AA2F67CA2F31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C7DD36EF-884A-4108-81AF-B9AC5D868BE5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C837A472-3E72-46A5-A7D0-D01E86F88477}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe |
"{CD95844F-10F9-4E2B-AC94-F127B632040F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CF4AD5A0-0E0E-4464-A95A-BCCA028FCFBD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D647E2C0-ABC3-461B-8D80-AE4D88E59F95}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3400\scnsearch\usdagent.exe |
"{D8E587AB-F053-40AF-92E3-CCE4945409DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DD8413E6-33E3-4101-A893-6F9D6A36C7B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E15B2EA1-F0F0-4665-9CC4-524BC4C34061}" = protocol=6 | dir=in | app=c:\program files (x86)\scan assistant\usdagent.exe |
"{E80527BF-7B14-4AEF-990D-57F1C1BADE65}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{EAF67748-9438-431A-9DA6-83E747A36781}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDFDDD50-CD4A-44CE-809C-F307B5895E2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA63E66A-7152-4452-BE37-8C02B47A2E71}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{FB327F1A-B0DB-4351-A538-883AFCE484B3}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{FBCE4981-A66D-41D6-8780-AFCC15FA8F1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{3E652411-9122-4EFF-BAE0-114DE95E7476}C:\program files (x86)\spybot - search & destroy 2\sdtray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdtray.exe |
"UDP Query User{9E4F39CE-BFEB-496E-8741-7AFCCDFBBCA2}C:\program files (x86)\spybot - search & destroy 2\sdtray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdtray.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68D2AC29-B594-466A-8D6F-238FA2135BB5}" = BOINC
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Scribus 1.4.2" = Scribus 1.4.2 (64bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{36F71986-194C-46E9-9612-0238ED00CA11}" = KPSA-Home
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.2.0
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1ABB265-926B-481C-8A51-8125566DFE82}" = Polar WebLink 2.4.13
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{cb41fc68-4442-4f7f-b22f-8f31c74897ac}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F2DA54F3-F7FB-4AE8-9B33-BEA5391E4A03}" = Z-DBackup
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"AC3Filter_is1" = AC3Filter 2.5b
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"CDex" = CDex - Open Source Digital Audio CD Extractor
"ChargeMonitor_is1" = ChargeMonitor V1.2
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FileZilla Client" = FileZilla Client 3.6.0.2
"Free Audio Converter_is1" = Free Audio Converter version 5.0.4.1228
"Free Audio Editor_is1" = Free Audio Editor v9.0.1
"Free Studio_is1" = Free Studio version 5.3.3
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"IrfanView" = IrfanView (remove only)
"KPSA-Home" = KPSA-Home
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LManager" = Launch Manager
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSD Sovereign_is1" = MSD Sovereign
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Pixum Fotobuch" = Pixum Fotobuch
"Revo Uninstaller" = Revo Uninstaller 1.94
"Room Arranger" = Room Arranger (remove only)
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Assistant" = Samsung Scan Assistant
"Samsung SCX-3400 Series" = Samsung SCX-3400 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SpeedFan" = SpeedFan (remove only)
"Star Trek XI PCAP Ops Screen_is1" = Star Trek XI PCAP Ops Screen
"The Off By One Web Browser" = The Off By One Web Browser
"TIPP10_is1" = TIPP10 Version 2.1.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1642583527-1093831069-1541574401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
Error encountered while reading event logs.
 
< End of report >


cosinus 22.05.2013 22:50

Found it

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
FF - user.js - File not found
O4 - Startup: C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPU$$.TMP ()
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a reboot. Please allow this.
  • After the reboot you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread

Selo2 22.05.2013 23:08

Here is the result after booting. It seems to have worked, since no message was displayed after this boot. Any idea what kind of thing that was ....?

Code:

All processes killed
========== OTL ==========
C:\Users\Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TMPU$$.TMP moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Müller\Desktop\Trojanerjagd\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: boinc_master
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Müller
->Temp folder emptied: 67582 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->FireFox cache emptied: 95612741 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2086 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 91,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 05232013_000106

Files\Folders moved on Reboot...
File\Folder C:\Users\Müller\AppData\Local\Temp\CVHLauncher(20130522225325908).log not found!
C:\Users\Müller\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
C:\Windows\temp\JET8CE3.tmp moved successfully.
C:\Windows\temp\JETBDC2.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 22.05.2013 23:11

The thing was just an orphaned autostart entry. Something was written into autostart as a shortcut, but the target was deleted at some point, so an error message then appears. It is like with uninstalled programs: the program is uninstalled, but various shortcuts are still hanging around on the desktop & co - trying to start the removed program via the shortcut ends in the message that the program was not found

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you only recently did a full scan, a quick scan is enough (saves time); please let me know that as well)

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting an additional opinion via the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
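
The orphaned autostart entry described in the post above (a Startup folder entry whose target no longer exists, or a stray file such as TMPU$$.TMP sitting in the folder) can be listed with the following read-only PowerShell script. It is an added example, not part of the original posts and not OTL's own logic; it assumes PowerShell 3.0 or later, and the status labels and the list of "expected" extensions are choices made for this example.

```powershell
# Added example: read-only audit of the per-user and all-users Startup folders.
# Nothing is moved or deleted; the script only reports what it finds.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# WScript.Shell can read the target stored inside an existing .lnk file.
$shell = New-Object -ComObject WScript.Shell

# Extensions treated as ordinary Startup content (assumption for this example).
$expected = @('.exe', '.bat', '.cmd', '.vbs', '.url')

$report = foreach ($dir in $startupDirs) {
    foreach ($item in Get-ChildItem -LiteralPath $dir -File -Force) {
        if ($item.Name -eq 'desktop.ini') { continue }   # normal folder metadata

        $target = $null
        $status = 'ok'

        if ($item.Extension -eq '.lnk') {
            $target = $shell.CreateShortcut($item.FullName).TargetPath
            if ([string]::IsNullOrEmpty($target)) {
                $status = 'shortcut without file target'
            } elseif (-not (Test-Path -LiteralPath $target)) {
                $status = 'ORPHANED: target missing'
            }
        } elseif ($expected -notcontains $item.Extension) {
            # e.g. a .tmp file: Windows tries to open it at logon and may
            # report that no program is associated with it.
            $status = 'REVIEW: not a shortcut or program'
        }

        [pscustomobject]@{
            Status   = $status
            Entry    = $item.FullName
            Target   = $target
            Size     = $item.Length
            Modified = $item.LastWriteTime
        }
    }
}

$report | Sort-Object Status | Format-Table -AutoSize -Wrap
```

The Modified column helps to relate a flagged entry to a software installation or removal on the same date.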


Selo2 22.05.2013 23:18

Wow, thanks for the truly professional help. I will definitely recommend your forum. And I will also transfer an amount to your account.

Many thanks!

cosinus 22.05.2013 23:20

Thanks :) but we are not quite done yet, please run the control scans :cool:

Selo2 22.05.2013 23:26

Addendum: I will run the ESET scan at home after my vacation. I will report back at the weekend with the result.

Thanks again.

Selo2 25.05.2013 12:16

@ Cosinus: The transfer will follow next weekend. I first have to get money into the account. ESET follows tomorrow. Best regards

cosinus 26.05.2013 18:24

OK, thanks! :)

Selo2 26.05.2013 18:48

Here is the promised info:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=62b95eee9097d546b8eb20b1a076816a
# engine=13917
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-26 10:50:56
# local_time=2013-05-26 12:50:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 85575 234985146 78317 0
# compatibility_mode=5893 16776573 100 94 85332 121195306 0 0
# scanned=1016
# found=0
# cleaned=0
# scan_time=218
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=62b95eee9097d546b8eb20b1a076816a
# engine=13917
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-26 05:35:54
# local_time=2013-05-26 07:35:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 109873 235009444 102615 0
# compatibility_mode=5893 16776573 100 94 109630 121219604 0 0
# scanned=604654
# found=0
# cleaned=0
# scan_time=24250


cosinus 26.05.2013 19:17

OK, Malwarebytes is still missing


All times are WET +1.
